Earlier today, I saw a very concerning tweet from Steve Streza about how Dropbox has been doing funky stuff inside of OS X/macOS. Not for nefarious purposes, mind you. Almost certainly not. Furthermore, it doesn’t look like they are storing a copy of your password, as some reports have said—and which would be really, really bad. No, they’ve simply been installing things in a way that let’s them retain root privileges so that they don’t have to bug you again when they want to change things up later.
In other words, they effectively backdoor your system so that they don’t have to ask again if they can add or change things later on.
After all, every time they ask permission, not only do they annoy the user, they let them consider saying no, which is always bad for numbers in a company driven by the almighty gods of daily, weekly, and monthly active usage.
Regardless of the user experience argument of keeping things simple so that the user doesn’t have to make more decisions, there are two big problems with the way that Dropbox does this:
Furthermore. Dropbox is moving functionality into a kernel extension as part of Project Infinite. It’s pretty cool stuff—heck, I want it now!—except for the part where they’ll install a kext without asking or telling you. Regardless of whether or not you want a closed source kernel extension running in your system—and you very well might to get the benefits of an infinite cloud based filesystem—it’s shitty to put one in on the sly.
It’s like instead of giving your plumber a key for the week to work on your kitchen, you give them permanent access so that they can add some toilets and another kitchen later when they feel like it, even if you didn’t ask.
So, how do they do it? Phil Stokes shows part of how it’s done.
Is it legit or not? Ben from Dropbox gives their rationale on Hacker News.
Maybe. Maybe not. I’m not the one to tell you whether the utility of Dropbox is worth the risk. Dropbox has been damn useful for a long time. Then again, there are alternatives. You’ll need to make up your own mind on this.
Personally, I’m going to give life without Dropbox on my system a go. I’ll keep it for the cloud based file sharing, but will spend at least a few weeks without the nifty magic auto-sync bits. After that, I’ll re-evaluate.
Quitting and deleting it used to work and is well documented, but it no longer does the trick. Instead, you’ll get a lovely dialog box telling you that it can’t be deleted because some of its extensions are in use. Dropbox’s help center provides the essential extra step: You have to unlink your Dropbox account first before you quit and uninstall Dropbox. So that means:
But wait! Before you go further, you’ll also want to get rid of the helpers. To do that, you’ll need to drop to the command line and—very carefully, that sudo part is messing around with fire—execute the following:
$ sudo rm -rf /Library/DropboxHelperTools
You were careful with that sudo, right? Good. Now, you may or may not have the kernel extension installed. I didn’t, and here’s how I checked:
$ ls /Library/Extensions/Dropbox.kext
ls: /Library/Extensions/Dropbox.kext: No such file or directory
If you do have the kext installed, you can nuke it—again, being careful with the sudo—like this:
$ sudo rm -rf /Library/Extensions/Dropbox.kext
Next, you’ll also want to clean up some stuff from your System Preferences:
Now, you’re ready to delete the Dropbox app and purge your trash. Then reboot and check. That should do it.
Of course, this is probably not the only way to do it, but it’s the order I finally hit on to get Dropbox off my system. Your mileage may vary. Good luck and godspeed.
Create your free account to unlock your custom reading experience.